Rank 1
In our applications using the ASP.net Ajax control, this control comes in the retired JQuery version. Currently using the version like 1.0.
Please suggest how can we upgrade the JQuery version so that we can avoid the vulnerability issue.
1 Answer, 1 is accepted
Hi Dilip,
By checking the jQuery Version History in Telerik UI Controls, I can conclude that you are using an old version of Telerik UI for ASP.NET AJAX that is most likely vulnerable to a number of security vulnerabilities.
If your app is using a Telerik.Web.UI.dll version prior to 2020.1.114, my advice is to upgrade to the latest version which will guarantee improved security and fixes for all known vulnerabilities in it. You can find more information in the following online resources:
- Blue Mockingbird Vulnerability Picks up Steam—Telerik Guidance
- Allows JavaScriptSerializer Deserialization
- RadAsyncUpload Security article
- Unrestricted File Upload
- Cryptographic Weakness
- Insecure Direct Object Reference
Last but not least, if you'd like to disable the embedded jQuery and include an external one follow the steps in the following article: Including external jQuery.
Best Regards,
Rumen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.